package com.lagou.edu.mvcframework.security;

import com.lagou.edu.mvcframework.annotations.LagouService;
import com.lagou.edu.mvcframework.pojo.Handler;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@LagouService
public class DefaultSecurityHandler implements SecurityHandler {
    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response, Handler handler) throws PermissionException {
        //没有权限控制的方法放行
        if (handler.getRequiredPermissions() == null) {
            return;
        }
        String username = request.getParameter("username");
        if (username == null || (username = username.trim()).isEmpty() || !handler.getRequiredPermissions().contains(username)) {
            throw new PermissionException(handler.getRequiredPermissions());
        }
    }
}
